Random data and key generation evaluation of some commercial tokens and smart cards

Boorghany, A ; Sharif University of Technology

623 Viewed
  1. Type of Document: Article
  2. DOI: 10.1109/ISCISC.2014.6994021
  3. Abstract:
  4. In this paper, we report our evaluation of the strength of random number generator and RSA key-pair generator of some commercially available constrained hardware modules, i.e., tokens and smart cards. That was motivated after recent related attacks to RSA public keys, which are generated by constrained network devices and smart cards, and turned out to be insecure due to low-quality randomness. Those attacks are mostly computing pair-wise GCD between the moduli in public keys, and resulted in breaking several thousands of these keys. Our results show that most of the tested hardware modules behave well. However, some have abnormal or weak random generators which seem to be unsuitable for cryptographic purposes. Moreover, another hardware module, in some rare circumstances, unexpectedly generates moduli which are divisible by very small prime factors
  5. Keywords:
  6. Hardware Security Module ; Random Generator Evaluation ; RSA Common Prime ; Cryptography ; Hardware ; Hardware security ; Number theory ; Security of data ; Smart cards ; Transportation ; GCD Attack ; Hardware modules ; Key generation ; Low qualities ; Network devices ; Random generators ; Random number generation
  7. Source: 2014 11th International ISC Conference on Information Security and Cryptology, ISCISC 2014 ; 2014 , p. 49-54
  8. URL: http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=6994021